phpbb (2.x) authentication backend

This class not only checks an old-style phpBB 2.x password: when the user logs in successfully, it also rehashes the (correct) password with the new-style hash and saves it, eradicating the old, quite unsafe stored MD5 password.


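```python
import hashlib

from django.contrib.auth.models import User


class PhpbbAuthenticationBackend:
    # request=None keeps the signature compatible with Django versions
    # that pass the request as the first argument.
    def authenticate(self, request=None, username=None, password=None):
        if username is None or password is None:
            return None
        try:
            # phpbb 2.x encodes passwords as plain md5 hashes, no salt
            pass_md5 = hashlib.md5(password.encode("utf-8")).hexdigest()
            user = User.objects.get(username=username, password=pass_md5)
            # get rid of the old-style password, get with the new style!
            user.set_password(password)
            user.save()
            return user
        except User.DoesNotExist:
            return None

    def get_user(self, user_id):
        # Required by Django so the session can reload the logged-in user.
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None
```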
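The same upgrade-on-login idea without Django, as an added example that is not part of the original snippet: it verifies a legacy hash in constant time, rewrites the record only after a successful login, and lists accounts that still hold an MD5 hash because their owners have not logged in since. The function names, the `pbkdf2_sha256$...` record layout, the iteration count and the sample users are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumption: work factor chosen for this example
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # phpBB 2.x: bare unsalted MD5 hex


def make_hash(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def check_and_upgrade(store, username, password):
    """Verify a login; rewrite a legacy MD5 record once the password is proven."""
    stored = store.get(username)
    if stored is None or password is None:
        return False
    if LEGACY_MD5.match(stored):
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        if not hmac.compare_digest(candidate, stored):
            return False
        store[username] = make_hash(password)  # upgrade only after success
        return True
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def legacy_accounts(store):
    """Accounts that have not logged in since the migration and still hold MD5."""
    return sorted(u for u, h in store.items() if LEGACY_MD5.match(h))


# Constructed sample data: two imported phpBB 2.x users.
users = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob": hashlib.md5(b"hunter2").hexdigest(),
}
```

Accounts returned by `legacy_accounts` remain exposed to offline MD5 cracking until their owners log in, so a migration plan needs a cutoff after which those hashes are expired and a password reset is forced.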